Equifax: Names, Addresses, Driver’s Licenses Were All Stolen In Breach

WASHINGTON, DC (CBS Local) – Equifax is coming clean on just how devastating the 2017 data breach really was. In a letter to the U.S. Securities and Exchange Commission (SEC), officials for the embattled credit reporting agency detailed how much information was actually stolen by hackers.

The Details:

Equifax has released more details on the 2017 data breach

Over 145 million Americans had their names and Social Security numbers stolen

The number of driver’s licenses, emails, home addresses, and TaxID numbers taken has now been disclosed to the SEC

According to a May 7 document submitted to the SEC, 146.6 million people had their names and date of birth exposed. 145.5 million Americans also had their Social Security numbers stolen in the breach.

Those devastating facts had been widely reported since Equifax announced that their files had been illegally accessed between May and July of last year. The company is now revealing how many people also had private information, like addresses, phone numbers, emails, and even taxpayer ID numbers stolen.

According to the release, 99 million Americans had their address stolen. 20.3 million people had a phone number hacked. 17.6 million drivers had their license information taken. 1.8 million emails, 209,000 credit card numbers, and 97,500 Tax ID numbers were also compromised in the data breach.

Equifax was quick to remind the SEC that the hacks did not come from a single company database, but instead from attacks on multiple payment systems linked to Equifax. “The company’s forensics experts found no evidence that Equifax’s US and international core consumer, employment and income, or commercial credit reporting databases were accessed as part of the cyber attack,” company officials wrote in the statement.

Equifax has offered credit protection to any individual affected by the breach, however the company was fooled again and began sending customers to a fake Adobe download page in October. The fake link reportedly filled the victim’s internet browsers with pop-up ads.